Comments (26)
Are people happy to bring in an extra library to handle it (e.g busboy)?
I think the main annoyance is that we already are bringing in an extra library (in addition to express
) to parse our body (body-parser). Having to bring yet another library in because the body parser doesn't support all types of bodies is a pain
from body-parser.
People don't ever seem to be happy :)
from body-parser.
oh ~ i'm not the only one~
from body-parser.
+1 for this, specially since XMLHttpRequest 2 now supports FormData()
Currently using multer
just for this purpose. This way it doesn't accept any files, but doesn't look very pretty:
formdataParser = require('multer')().fields([])
app.use(formdataParser)
from body-parser.
For anyone else stumbling across this issue, express-form-data does the job pretty well
from body-parser.
As someone who doesn't use multipart form data requests, I can still see the value in it.
It probably makes sense for this module to be able to parse multipart forms.
But is there a need? Are people happy to bring in an extra library to handle it (e.g busboy)?
from body-parser.
Ahh form-data
It probably makes sense for this module to be able to parse multipart forms.
Yes, this would be nice. :)
from body-parser.
👍
from body-parser.
Yes this is a highly needed feature. :)
Basically the body parsing options are:
- field inputs - Works good.
- file inputs - need something else
- file and field inputs - need something else as body parser does not know how to process fields when enctype is set to multipart.
from body-parser.
What can we do to gain some traction on this issue? Would someone like to collaborate on implementing this?
from body-parser.
Hi @macmichael01 so you are interested in a parser that would drop the files, then?
from body-parser.
"a parser that would drop the files" - That would be a nice work around for now. Full file upload support would be even better. I'm guessing that are some security obstacles.
from body-parser.
@macmichael01 , this module will never have full file upload, as it does not fit into the fundamental design. You'll always have to reach for the modules listed in the readme for parsing with file support.
from body-parser.
@dougwilson That's fine. Should I open a new ticket for suggestion that you made?
from body-parser.
Should I open a new ticket for suggestion that you made?
I'm not sure. Which suggestions would that be? Are they different from the post at the top of this issue?
from body-parser.
Is there anything that I can help out with on this? This is a blocker for a project that I am working on. I briefly scanned through the source but I have no idea how you would determine which fields to strip and which to keep. Let me know what I can do to help :)
from body-parser.
Hi @macmichael01 , I'm' not sure how this is a blocker. Are you not able to use any of the multipart parsers that are listed at the top of the readme? As for what to do, you'll need to integrate one of those parsers into this module as lib/types/multipart.js
. Those modules have their own documentation explaining how to determine which fields are text or files and you would just have to drop the file fields and accumulate the text fields into an object.
from body-parser.
I am using this starter kit: https://github.com/sahat/hackathon-starter. This project uses the CSRF library https://github.com/krakenjs/lusca (which is also using body-parser). Since body-parser doesn't understand multipart, I receive a CSRF error when a multipart form is submitted. I was hoping perhaps there is a way to grab just the _csrf field from the multipart to satisfy CSRF. I'm not entirely sure how I would go about doing this since CSRF relies directly on body-parser. I've tried everything that I can think of but no luck.
from body-parser.
Ah, gotcha. I'm not really sure what the answer is besides you can definitely do CSRF tokens with multipart if you put all the pieces together yourself. Perhaps that starter kit just needs to be improved? This module has never supported multipart, ever. You can go all the way back to the first 1.0.0 (https://github.com/expressjs/body-parser/tree/1.0.0) on Jan 6, 2014 and it still doesn't support multipart.
Adding multipart to this module is going to be a large task, and not something that is going to happen overnight without either someone implementing, providing a PR, and iterating on it or funding to get it added.
This project uses the CSRF library https://github.com/krakenjs/lusca (which is also using body-parser).
I'm not sure what you mean, as lusca
does not have a dependency on this module at all (in fact, it actually has zero dependencies).
from body-parser.
I figured something like this would be a major undertaking.
Let me re-investigate my issue again tonight, perhaps lusca was not the issue after all.
from body-parser.
It looks like body-parser is used with lusca. it's a required configuration in your app.js. lusca refers to the req.body for the _csrf token key. Since body-parser doesn't support multipart body data, req.body is {}. I really don't see an easy work around other than ditching lusca for something else and using something like node formidable. Just thought I'd share. Thanks for your help @dougwilson!
from body-parser.
This is a blocker for my current project, too. It's been two years on this issue, so it should be closed if it isn't going to get fixed. It's cruel to keep us in suspense.
from body-parser.
Hi @0x70b1a5 it was my impression from the conversation above that a PR would have been coming, but none ever materialized. You're absolutely welcome to tackle this based on the implementation discussed above. The issue is open so people are aware that it is something they could work on and contribute towards if they are so inclined to do so. I personally simply use the multipart parsers listed in the README directly and don't have any issues accepting multipart data; the issue was opened because I kept closing the requests for this, so this would be the tracking request. If I closed this, I'm sure new issues will start popping up just like they used to. If you have a better solution, please let me know.
from body-parser.
If we uses serverless and a node server like NestJs. The request body will be converted to Buffer and forward to nodejs server, if we don't have multipart parser, we can not read the file upload.
from body-parser.
use Formidable to handle "multipart/form-data".
from body-parser.
simple dependency free workaround:
app.post('/upload', async (req, res) => {
const formData = await new Response(req, { headers: req.headers }).formData()
const files = formData.getAll('files')
})
(require NodeJS v18+)
from body-parser.
Related Issues (20)
- bodyParser is deprecated, error HOT 1
- bodyparser.json() shown as deprecated? (question) HOT 7
- pass options to qs thru urlencoded? HOT 4
- Cannot catch SyntaxError when user provides invalid JSON in body and content-type: application/json HOT 3
- Support for content-encoding: deflate raw HOT 7
- req.body could not be accessed when send as form data, but works fine with JSON HOT 3
- Pass custom parameters to `qs` HOT 3
- Update iconv-lite to latest 0.6.3 HOT 7
- support for ndjson
- Regular Expression Denial of Service (ReDoS) in [email protected] HOT 3
- Update `debug` dependency (memory leak leading to vulnerability) HOT 1
- api calls made with invalid json HOT 5
- Add support for removing body parser limit HOT 8
- BadRequestError: request size did not match content length HOT 7
- How to handle content-type mismatch? HOT 1
- CVE-2017-20165 - debug HOT 2
- Issue HOT 1
- Debug package version in body parser showing security vulnerability HOT 10
- fails silently if the json has extra whitespace HOT 2
- json middleware does not work on content types with a `+` HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from body-parser.